X-No-Archive: yes
On Thu, 30 Oct 2008 07:40:00 -0700 (PDT), seconserv <seconserv@yahoo.com> wrote:
> Announcing the release of Anti-Steganography (AntiSteg v1.00):
> antisteg100.zip AntiSteg 1.00: Anti-Steganography
> AntiSteg is a command line tool for cleaning images of
> potentially harmful steganographical content. Many popular
> image formats (especially those used on the Web) are handled
> by the tool.
> Steganography is a means by which information is hidden
> inside of images (often via high-encryption algorithms),
> making them completely invisible to all standard image
> viewers. Stegged images can carry extremely harmful
> payloads, which include, but are not limited to:
> Child pornography
> Viruses, Trojans, Spyware, Spamware, and other Malware
> Sensitive personal/corporate Data
> AntiSteg does not attempt to extract the actual hidden data,
> but simply antistegs the content, making it impossible to
> be retrieved at a later point in time. This approach allows
> it to quickly clean a computer, even if 100,000s of images
> are stored on it. In contrast, trying to desteg just one
> image which uses a high encryption encoding (256 bit or
> higher), and a properly selected password is computationally
> nearly infeasible.
> Since the amount of images stored on the Web approaches
> staggering numbers (anywhere from 100s of billions to
> trillions), the possibility to successfully store and
> trade/sell child pornography, distribute viruses, or
> exchange sensitive information is very high. Even worse,
> anybody who operates a web site (personal or corporate)
> that contains images, may unwittingly be helping
> pedophiles, black-hat hackers, or data spies in their
> operations. Of course, the same holds true for any
> e-mail attachment, or MMS being sent!
> Currently available antivirus, antispyware, and antimalware
> tools do NOT address this problem! Companies that allow
> image specific searches - like Google - do NOTHING to prevent
> stegged images from being spread via their services!
> Special requirements: None.
> Freeware. Uploaded by the author.
> Security Online Services
> E-Mail:
> seconserv@yahoo.com
> Web:
> http://seconserv.freewebsitehosting.com
> http://geocities.com/seconserv
> NewsGroups:
> http://groups.google.com/group/antisteg
For a general discussion of steganography, google
steganography wiki
In practical terms, digital-file steganography takes, as its
base, a reference file and encodes its covert information --
which need not even be encrypted -- by altering specific bits
in specific bytes of the file according to some prearranged
scheme; the information is recovered by comparing the altered
file with the base file. Digital files containing music and
photographic images are well-suited to steganography because
changes in the low-order bits of their audels and pixels are,
for all practical purposes, inaudible and invisible.
As the steganographic data are contained in the *differences*
between the altered and the base files, it is rather difficult
to conceive of how the presence of steganographic data in a
file can be detected without comparing it with another file;
and thus it is difficult to conceive of how a general-purpose
program could "detect", much less "remove", steganographic
information.
Whilst it is possible that the developer of this program has
confused *appending* a second file to a .jpg or .mp3 -- which
most JPEG or MP3 players will silently ignore, but a quite
simple program can easily detect -- with *altering* a file
to contain steganographic data, a reasonable suspicion here
is that this program may, itself, be *malware*. Unless you
have read and understood all its source code, and compiled
an executable from that source code on your own system, how
can you know that this "tool" does what it claims to do?
Ronin
|
|